Lenovo, the largest PC manufacturer in the world, has been accused of fatally compromising user security by installing an adware application on all its Windows computers as they leave the factory.
The software, called Superfish, purports to offer users a “visual search” experience. In actual fact, it injects third-party advertisements into Google search results and websites, without asking the user.
But in order to place adverts on websites served to the user over an encrypted connection, as Google does by default, Lenovo owners report that Superfish also breaks the security used by every computer to access the internet privately. Even if the user removes the adware from their computer, the artificial security hole stays active. It leaves any Lenovo user permanently open to a “man in the middle” attack any time they use a public Wi-Fi network, letting an eavesdropper read users’ web browsing at will.
Users had been complaining about Superfish on Lenovo’s forums since September 2014, but it took until late January for the Chinese firm, which leads the PC market in terms of units sold, to respond. In the fourth quarter of 2014 alone, the company sold 16 m PCs, including the hugely popular ThinkPad range, which it bought from IBM in 2005.